Senior Director, Information Security
Atlanta
OneTrust
Meet the industry-leading trust intelligence platform for managing Privacy and Data Governance, GRC and Security, Ethics and Compliance, and ESG and Sustainability.
Strength in Trust
OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. Over 14,000 customers use OneTrust's technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.
The Challenge
As a cloud-only SaaS platform, product security is at the forefront of what we do. We strive to build products that are Secure by Design. The Sr. Director of Information Security (GRC) is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities. This position requires strong written and oral communication skills, as well as the ability to communicate detailed technical information in a manner comprehensible by individuals at varying degrees of experience and skill. The role requires the ability to speak confidently in front of large groups and with senior management, vendors, and service providers. The Sr. Director of Information Security provides leadership and contributes to the IT security strategy and roadmap. Strong program, people, and project management skills are required.
Your Mission
- The Sr. Director of Information Security reports to the Chief Information Security Officer and is responsible for day-to-day operations to support and augment the CISO’s overall responsibilities.
- Acts as the functional lead for all activities in the Governance Risk and Compliance (GRC) organization.
- Builds a growing team of cross functional information security and operations professionals to ensure security issues in our products are detected early and remediated quickly.
- Provides strategic planning, organization, and technical guidance to GRC department.
- Is responsible for many functions within the Info Security organization, such as: vendor and customer security, 3rd party risk management, internal risk management, internal and external audits (PCI, ISO, HITRUST, SOC 2, etc.), security policy management, contract reviews, security questionnaires and RFPs, BCP/DR, security awareness training, etc.
- Defines technical standards, policies, and procedures for each department to ensure consistency and compliance.
- Works directly with business units to facilitate risk assessment and risk management processes.
- Understands and interacts with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services.
- Partners with stakeholders across the company to raise awareness of risk management concerns.
- Assists with the overall business technology planning, providing a current knowledge and future vision of technology and systems.
- Fosters a culture of collaboration, innovation, and continuous improvement within each department.
- Leads risk remediation analysis and activities identified by internal and external audits.
- Applies security principles, theories, and concepts to job assignments. Solves a diverse range of complex problems working with limited direction.
- Oversees the daily operations and activities of the Security Governance, Risk and Compliance (GRC) organization.
- Works cross-functionally with Core Teams to apply policies that provide end-to-end security within the enterprise environment and the software development lifecycle, including product security, IAM, networking, storage, databases, logging, and CI/CD pipelines.
- Develops information security strategies and roadmaps based on risk management practices aligning to business needs.
- Proactively assesses and identifies information security risk, effectively communicates findings, and follows established risk management processes.
- Reviews and assesses the effectiveness of security controls, processes, and technologies implemented by each department.
- Collaborates with department heads to optimize resource allocation, budget planning, and staffing requirements.
- Oversees multiple audits throughout the year. Works with external and internal auditors to maintain compliance and certifications.
- Oversees penetration testing activities to evaluate the security of applications, systems, and networks.
- Collaborates with department heads on risk evaluations and on logging issues, risks, and exceptions in our GRC platform.
- Leads the investigation and resolution of complex security incidents, ensuring lessons learned and continuous improvement.
- Identifies opportunities to improve, evangelize, and embed security standards and processes into existing processes to ensure standardization of project implementation.
- Documents detailed security needs and baselines for current and future enterprise environments.
- Tracks and shares emerging security practices and standards by participating in educational opportunities, reading professional publications, and participating in professional organizations.
- Subject matter expert in security-related matters, representing the organization in external forums, conferences, and industry working groups.
- Works with technology vendors to explore opportunities to add value to the enterprise environments.
You Are
- Technology oriented: You may not be the only hands involved in a project, but you don’t mind getting involved and have deep understanding of current trends and technologies.
- A Relationship builder: Ability to listen, build rapport, and credibility as a strategic partner vertically within the business unit, as well as with leadership and functional teams.
- A Strategic thinker: Ability to map joint organizational vision and long-term thinking, imagination, and idea generation.
- Detail oriented with an eye for quality
- College BS/BA degree, progressive educational certificate, or equivalent
- 15+ years of experience in Information Security-specifically in Governance, Risk and Compliance.
- Audit experience.
- Risk management experience.
- Policy writing experience.
- Experience reviewing contracts for security language and terms, reviews of MSA’s, NDA’s, SOW’s, etc.
- Business Continuity and Disaster Recovery Planning and Execution experience
- Customer and vendor security, 3rd party risk.
- 6+ years as a people leader.
Extra Impressive
- BA/BS in Computer Science, Engineering, Math, or related subject
- 15+ years of hands-on information security; security-related cloud operations
- Security standard methodologies and concepts
- Preferred certifications: CISSP, CCSP, SSCP, etc.
- Microsoft Azure experience preferred.
- Critical thinking, problem-solving, and decision-making capabilities
- Strong visionary skills to excel in a complex and rapidly evolving environment
For California, Colorado, Connecticut, Nevada, New York, Rhode Island, and Washington-based candidates: the annual base pay range for this role is listed below. Within this range, individual pay is determined by several factors, including location, job-related skills, work experience, and relevant education and/or training. This role may also be eligible for discretionary bonuses, equity, and/or commissions, as well as benefits.
Salary Range: $225,500 to $338,225 USD
Benefits
As an employee at OneTrust, you will be part of the OneTeam. That means you’ll receive support physically, mentally, and emotionally so that you can do your best work both in and out of the office. This includes comprehensive healthcare coverage, remote or hybrid workplace flexibility, flexible PTO, equity stock options, annual performance bonus opportunities, retirement account support, 14+ weeks of paid parental leave, career development opportunities, company-paid privacy certification exam fees, and much more. Specific benefits differ by country. For more information, talk to your recruiter or visit onetrust.com/careers.
Resources
Check out the following to learn more about OneTrust and its people:
Your Data
You have the right to have your personal data updated or removed. You also have the right to have a copy of the information OneTrust holds about you. Further details about these rights are available on the website in our Privacy Overview. You can change your mind at any time and have your personal data removed from our database. In order to do this you must contact us and let us know you wish to be removed. The request should be made on the Data Subject Request Form.
Our Commitment to You
When you join OneTrust you are stepping onto a launching pad — the countdown has begun. The destination? A career without boundaries working alongside a diverse and inclusive crew who is passionate about doing meaningful work. As a pioneer, your voice and expertise will help chart the direction of an entirely new industry — Trust. Our commitment to putting people first starts with you. Your growth is part of the mission. Our goal is to give you the power to embark on the next phase of your uniquely, unique career.
OneTrust provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by local laws.